Sen. Wyden Introduces Bill to Require
Government to Disclose Its Use of Commercial Databases

7/29. Sen. Ron Wyden (R-OR)
introduced S 1484
[9 pages in PDF], "The Citizens' Protection In Federal Databases Act". This is a disclosure bill. It does not actually restrict the government's
collection or use of data. Rather, it would cut off funding for certain
enumerated government entities to obtain or access commercial databases, unless
these entities first provide a detailed report to the Congress and the public
explaining their use of these databases.

The covered entities are the Department of Justice (DOJ), the Department of
Defense (DOD), the Department of Homeland Security (DHS), the Central
Intelligence Agency (CIA), the Department of Treasury (DOT), or the Federal
Bureau of Investigation (FBI). The DOD includes the Defense Advanced
Research Projects Agency (DARPA), which is running the
Terrorism Information Awareness (TIA)
project.

Sen. Wyden (at
right) issued a release that states that the bill "is a response to the
Defense Department’s Terrorism (formerly Total) Information Awareness (TIA)
Program, among other federal initiatives, that propose to gather private
information on law-abiding Americans from numerous public and private
databases." (Parentheses in original.)

The bill recites in its findings that "Many Federal national security, law
enforcement, and intelligence agencies are currently accessing large databases,
both public and private, containing information that was not initially collected
for national security, law enforcement, or intelligence purposes."

It further finds that "Risks to personal privacy are heightened when personal
information from different sources, including public records, is aggregated in a
single file and made accessible to thousands of national security, law
enforcement, and intelligence personnel", and that "The Federal
Government should not access personal information on
United States persons without some nexus to suspected counterintelligence,
terrorist, or other illegal activity.

The bill provides that "Notwithstanding any other provision of law,
commencing 60 days after the date
of the enactment of this Act, no funds appropriated or otherwise made available
to the Department of Justice, the Department of Defense, the Department of
Homeland Security, the Central Intelligence Agency, the Department of Treasury,
or the Federal Bureau of Investigation may be obligated or expended by such
department or agency on the procurement of or access to any commercially
available database unless such head of such department or agency submits to
Congress the report required by subsection (b) not later than 60 days after the
date of the enactment of this Act."

The bill would require that the contents of these reports include "a list of
all contracts, memoranda of understanding, or other agreements entered into by
the department or agency, or any other national security, intelligence, or law
enforcement element under the jurisdiction of the department or agency for the
use of, access to, or analysis of databases that were obtained from or remain
under the control of a non-Federal entity, or that contain information that was
acquired initially by another department or agency of the Federal Government for
purposes other than national security, intelligence, or law enforcement".

The reports would also have to include a statement of the types of data
contained in the databases, the "purposes for which such databases are used,
analyzed, or accessed", and the "extent to which information from such databases
is retained".

The reports would also have to contain a discussion of plans and policies
regarding who would have access to the databases, how unauthorized access would
be monitored, and "an outline of enforcement mechanisms for accountability to
protect individuals and the public against unlawful or illegitimate access or
use of databases."

The bill defines the term database as follows: "any collection or grouping of
information about individuals that contains personally identifiable information
about individuals, such as individual's names, or identifying numbers, symbols,
or other identifying particulars associated with individuals, such as
fingerprints, voice prints, photographs, or other biometrics. The term does not
include telephone directories or information publicly available on the Internet
without fee."

The Privacy Act of 1974 regulates the government's use of personal
information. The GAO, which is an arm of the Congress, examined a sample of 25
departments and agencies, and prepared a report for
Sen. Joe Lieberman (D-CT),
the ranking Democrat on the Senate
Governmental Affairs Committee.

The GAO concludes that "If these issues and the overall uneven
compliance are not addressed, the government will not be able to provide the
public with sufficient assurance that individual privacy rights are
appropriately protected."

The report found that "A key characteristic of agencies’ systems of records is that a
large proportion of them are electronic, reflecting the government’s significant
use of computers and the Internet to collect and share personal information.
Based on survey responses, we estimate that 70 percent of the agencies' 2,400
systems of records contain electronic records. Specifically, an estimated 12
percent were exclusively electronic records, 58 percent were a combination of
paper and electronic, and 31 percent were exclusively paper records.
In addition, agencies allowed individuals
to access their personal information via the Internet in an estimated 9 percent
of systems of records (about 1 in 10)."

The GAO found that "While compliance with Privacy Act provisions and related OMB
guidance was generally high in many areas, according to agency reports, it was
uneven across the federal government -- ranging from 100 percent to about 70
percent for the various provisions. For example, we estimate that for all
systems of records (100 percent), agencies issued the required rule that
explains to the public why they exempted the system of records from one or more
of the act’s privacy protections. In contrast, fewer agencies were compliant
with the provision that information should be complete, accurate, relevant, and
timely before it is disclosed to a nonfederal organization; we estimate that
agencies took steps to comply with this requirement for 71 percent of systems of
records."

The GAO report states that agency officials "identified barriers
to improved compliance that include a need for more OMB leadership and guidance
on the act, low agency priority given to implementing the act, and insufficient
training on the act. In the absence of consistent compliance with the Privacy
Act, the government cannot adequately assure the public that all legislated
individual privacy rights are being protected."

7/30. The AEI Brookings
Joint Center for Regulatory
Studies released a
paper [34 pages
in PDF] titled "Enforced Standards Versus Evolution by General Acceptance:
A Comparative Study of E-Commerce Privacy Disclosure and Practice in The U.S.
and The U.K." The paper was written by
Karim Jamal, Michael Maier, and Shyam Sunder.

The paper presents data on privacy practices in e-commerce in
the United Kingdom, which is governed by the European Union's regulatory regime,
and data on privacy practices in the U.S., which does not have a regulatory
regime. The paper concludes that "The codification by the EU law, and the
enforcement by the U.K. government, improves neither the disclosure nor the
practice of e-commerce privacy relative to the U.S. On the contrary, some
evidence shows the unregulated practices in U.S. to be superior. Regulation in
the U.K. also appears to stifle development of a market for web assurance
services. Both U.S. and U.K. consumers continue to be vulnerable to a small
number of e-commerce websites who spam their customers, ignoring the latter’s
expressed or implied preferences."

The paper finds that "A comparison of the U.S. and the U.K.
practices reveals that the frequency of junk email received by those who
register at e-commerce websites in the two countries is about the same. Only a
small number of websites in the two countries violate the privacy of their
customers by sharing personally identifiable information with third parties."

However, the paper also finds that "the unregulated disclosures
of privacy policies in U.S. dominate the regulated disclosures in U.K. (from the
consumer’s point of view). This comparison raises important questions about the
validity of the assumption that the standardized and enforced financial
reporting regimes, which have gained significant currency around the world in
recent years, dominate the evolutionary approach of generally accepted
accounting principles." (Parentheses in original.)

The paper elaborates that "One consequence of a legislated approach to
setting e-commerce privacy
standards appears to be the elimination, or preclusion, of a market for private
web assurance. Since the law in the U.K. specifies privacy disclosure
requirements, and there is no legal requirement to purchase a privacy audit
certificate, there is no market for privacy assurance seals. Contrary to its
intent, the privacy disclosure law appears to have eliminated the incentives for
the websites to use web-seals as signals of their good privacy practices to
consumers."

In addition, it states that "In the absence of mandated standards, U.S.
websites tend to view the
disclosure of privacy policies as an instrument of their marketing strategy to
attract consumers. Accordingly, they make it easy to find their statements of
policy, and adhere to these policies reasonably closely. U.K. websites, on the
other hand, appear to view privacy disclosure as merely a compliance matter;
they appear to be, at the very least, indifferent to the consumer concerns about
their privacy policies, and on average, make it more difficult than in U.S. for
their customers to find their statements of policy."

Jim Harper, the editor of Privacilla,
commented on the AEI Brookings paper. He stated in a
release that
"While Europe has built a creaking privacy bureaucracy, America is poised to
move forward with new innovations that benefit consumers. Countries that follow
the bureaucratic model will stand on the sidelines as U.S. consumers
consistently enjoy more goods and services at lower prices, along with the
privacy protection they want. Europe may have all the regulations, but the
American system delivers real privacy for real people."

GAO Reports on WTO Trade Remedy Rulings

7/30. The General Accounting Office (GAO)
released a report [128
pages in PDF] titled "World Trade Organization: Standard of Review and Impact of
Trade Remedy Rulings".

The report states that "About a third of the cases filed in the WTO
dispute settlement system from 1995 through 2002 challenged members’ trade
remedies", and that "the United States
faced substantially more challenges than other WTO members."

The report also states that "the WTO ruled for and against the U.S. and other members
in roughly the same ratios." Also, "WTO rulings resulted in few changes to
members' laws, regulations, and practices but had a relatively greater impact on
those of the United States. While U.S. agencies stated that WTO rulings have not
yet significantly impaired their ability to impose trade remedies, they had
concerns about the potential future adverse impact of WTO rulings."

In addition, it states that "legal experts ... concluded that
the WTO has properly applied standards of review and correctly ruled on major
trade remedy issues. However, a significant minority strongly disagreed with
these conclusions."

The bill authorizes appropriations for fiscal years 2004 through 2008 for NTIA
administration, and for Technology Opportunity Program (TOP) grants, as
follows:

Administration

TOP Grants

2004

$18,869,000

$15,862,000

2005

$19,435,000

$16,338,000

2006

$20,018,000

$16,828,000

2007

$20,619,000

$17,333,000

2008

$21,237,000

$17,852,000

The bill also amends the NTIA Organization Act's provision relating to
spectrum management. See,
47 U.S.C. § 903.
The bill provides that "the NTIA shall assess against, and collect from, each Federal
agency for which the NTIA assigns spectrum or provides any spectrum management
functions a charge to cover the costs thereof." The bill further provides that
"The NTIA may not assign any
spectrum for use for, or provide any spectrum management functions with respect
to, any Federal agency, except to the extent that the NTIA obtains reimbursement
for the costs thereof.'."

His
biography in the Hogan & Hartson web site states that "has
developed a unique practice representing property owners and governmental
entities in cases arising under the ``takings´´ clause of the Fifth Amendment to the U.S.
Constitution." This clause provides, "nor shall private property be taken
for public use without just compensation". While many of the leading cases in
this area deal with real property rights and environmental issues, this clause
also has application to intangible property in the technology sector, such as in
compulsory licensing of patents and copyrights in music or software, and
infringement of patents and copyrights by governmental entities.

The Court of Federal Claims, which has national jurisdiction, is authorized
to hear primarily money claims founded upon the Constitution, federal statutes,
executive regulations, or contracts, express or implied-in-fact, with the United
States.

The FCC's Wireless Telecommunications
Bureau (WTB), and the Department of Agriculture's (USDA)
Rural Utilities Service (RUS) Administrator,
will report on the recently launched USDA/FCC initiative to increase broadband
deployment and wireless access for the benefit of rural consumers.

The FCC will consider a Report and Order concerning the Alaska Bush Earth
Station policy. See, February 11, 2002
NPRM
[10 pages in PDF] in which the FCC proposed to eliminate the "Bush Policy",
which "precludes installing or operating more than one satellite earth station
in any Alaskan Bush community1 for competitive carriage of interstate Message
Telephone Service (``MTS´´) communications -- i.e., ordinary interstate, interexchange
toll telephone calls." This is IB Docket No. 02-30 and RM-7246.

The FCC will consider a Notice of
Proposed Rulemaking (NPRM) regarding rules, policies and procedures for digital
station operations for low power television, TV translators and TV booster
stations, which primarily provide television service to smaller geographic
regions and rural communities.

The FCC's Wireline Competition Bureau
(WCB) will report on the growth of subscribership to high-speed service during the
last three years.

9:30 AM. The
Senate Banking Committee will
meet to mark up two bills, including
S 627, the
"Unlawful Internet Gambling Funding Prohibition Act", a bill to prevent
the use of certain payments instruments, credit cards, and fund transfers for
unlawful internet gambling. The Committee will then hold a hearing on measures
to enhance the operation of the Fair Credit
Reporting Act. Location: Room 538 Dirksen Building.

? 9:30 AM. The Senate Judiciary
Committee might hold an executive business meeting. The
agenda
includes consideration of several judicial nominees, and several bills,
including S 1177,
the "Prevent All Cigarette Trafficking (PACT) Act of 2003".
See, story titled "Senators Introduce Bill to Regulate Internet Cigarette
Sales" in TLJ
Daily E-Mail Alert No. 675, June 6, 2003. The judicial nominations are
Steven Colloton (U.S. Court of Appeals for the Eighth Circuit), James
Browning (District of New Mexico), Brent McKnight (Western
District of North Carolina), David Proctor (Northern District of Alabama),
Kevin Castel (Southern District of New York), Sandra Feuerstein (Eastern
District of New York), Richard Holwell (Southern District of New York), and
Stephen Robinson (Southern District of New York). The DOJ nominations are
Rene Acosta to be an Assistant Attorney General in charge of the
Civil Rights Division,
and Daniel Bryant to be an Assistant Attorney General in charge of the
Office of Legal Policy. Press contact:
Margarita Tapia (Hatch) at 202 224-5225 or David Carle (Leahy) at 202
224-4242. This Committee frequently changes the time and agenda of its
meetings without notice. Location: Room 226, Dirksen Building.

Deadline to submit applications for loans or combination loans and grants
to the Rural Utilities Service (RUS)
under its FY2003 Distance Learning and Telemedicine Program. See,
notice in Federal Register, March 3, 2003, Vol. 68, No. 41, at Page 9973.

Deadline to submit comments to the Federal
Communications Commission (FCC) in response to its
Notice of Inquiry [21 pages in PDF] in its proceeding titled "In the Matter
of Inquiry Regarding Carrier Current
Systems, including Broadband over Power Line Systems". See,
notice in the Federal Register, May 23, 2003, Vol. 68, No. 100, at Pages 28182 - 28186.
See also, story titled "FCC Announces NOI Regarding Broadband Over Powerlines"
in TLJ Daily E-Mail Alert No. 628, April 24, 2003, and story titled "FCC
Releases NOI on Broadband Over Power Lines" in TLJ Daily E-Mail Alert No. 656,
May 7, 2003.This is ET Docket No. 03-104. For more information, contact Anh Wride at 202
418-0577 or anh.wride@fcc.gov.

Donaldson (at right)
stated that "The mid-1990s saw the beginning
of the full flourish of the so-called ``new economy´´ in America. Not only had
the economy changed, but so had living in America. The personal computer became
nearly omnipresent in businesses and in many homes. There were revolutions in
information technology and communications. The Internet changed the way people
did business, and the way they lived their lives."

He continued that "The stock market reflected the enormity of the changes
taking place in the economy and society. Stock averages soared at increasing
rates from the mid-1990s through early 2000. New entrants to the market were
among the biggest gainers, especially those that symbolized the ``dot.com´´ sector of the economy.
The IPO of then fifteen-month old Netscape in August 1995 was a harbinger for
market watchers -- the price of Netscape went up 150% on the first day of
trading. During the market boom there were IPOs where the first-day price
increase left Netscape in the dust. Communications, the explosion of information
technology and changes in the culture of equity investing brought millions of
individuals with their savings into our stock markets for the first time."

"Starting in the second quarter of 2000, the bubble burst. Stock prices
plummeted. Investors fled the markets. And the IPO market disappeared", said
Donaldson.

He also commented about the framework for regulating securities markets.
"We also are taking a comprehensive look at the complex issues involving the
structure of our markets -- including their regulation, the balance between
competition and fragmentation, and the use of market data -- all in the context
of our global marketplace. These market structure issues are among the thorniest
the Commission faces, but also the most important. Revolutions in technology and
communications and the unrelenting pace of globalization make it imperative that
we revisit on a comprehensive basis the framework of our system for regulating
markets."

About Tech Law Journal

Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for subscribers with multiple recipients. Free one
month trial subscriptions are available. Also, free
subscriptions are available for journalists,
federal elected officials, and employees of the Congress, courts, and
executive branch. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert are not
published in the web site until one month after writing. See, subscription
information page.